package cn.tedu.cn.tedu.homework;

import cn.tedu.kit.JDBCUtils2;

import java.sql.*;
import java.util.Scanner;

/**
 * @author :Colin
 * @version 创建时间: 2021/7/5 18:35
 * 本类用于解决sql攻击问题
 */
public class modifiedSQL {
    public static void main(String[] args) {
        System.out.println("输入用户名");
        String username = new Scanner(System.in).nextLine();
        System.out.println("输入密码");
        String password =new Scanner(System.in).nextLine();
        method(username,password);
    }

    private static void method(String username,String password) {
        Connection conn=null;
        PreparedStatement ps=null;
        ResultSet rs=null;
        try {
            conn = JDBCUtils2.getConnection();
            //3.获取传输器
            String sql="select * from user where name = ? and password = ?";
            ps = conn.prepareStatement(sql);
            ps.setString(1,username);
            ps.setString(2,password);
            //4.执行sql语句
           rs = ps.executeQuery();
            //5.解析结果集
            if (rs.next()){
                System.out.println("登陆成功");
            }else{
                System.out.println("登陆失败");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }finally{

           JDBCUtils2.close(rs,ps,conn);

        }

    }

}
